Search:  Catalog  Site

Phishing and Online Identity Theft

Phishing and Online Identity Theft

Phishing is a fraudulent attempt, usually made through e-mail, to obtain personal information or passwords to your valuable online accounts. Phishing scams typically involve emails that falsely claim to be from brokerage firms, banks, credit card companies, Internet auction sites, electronic payment services or some other service that you use. In other instances, the emails purport to be from government agencies. 

To appear genuine, these emails may use:
  • The names of real people.   
  • Legitimate looking email addresses, such as support@[name of your financial institution].com. 
  • Authentic looking logos and graphics. 
  • Links to pages of a bona fide website. 
  • Official looking fine print and references to laws.
Most of these emails attempt to lure you into providing sensitive personal information by requesting that you provide it in a reply email or by clicking on a link to a website that mimics a legitimate website and asks you to provide the information. Various "urgent" messages are also used to lower your guard, such as:
  • Your account will be shut down unless you update your information. 
  • You need to verify your identity because your account appears to be being used by a third-party in violation of the law. 
  • Security measures to protect your account from identify theft require you to verify your account information. 
  • Due to a technical update you need to reactivate your account. 
  • Recent changes in the law require users to identify themselves.
According to the Financial Industry Regulatory Authority (FINRA) economic cyber-crime continues to surge. Phishing attacks have increased significantly since they were first discovered in 2005. For more information on how to protect yourself from Phishing and other online scams, visit the FINRA Investor Alert page.